Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
李少辉-开发者
git
提交
b3600c36
G
git
项目概览
李少辉-开发者
/
git
与 Fork 源项目一致
从无法访问的项目Fork
通知
2
Star
1
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
G
git
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
b3600c36
编写于
2月 19, 2013
作者:
J
Junio C Hamano
浏览文件
操作
浏览文件
下载
差异文件
Sync with v1.8.1.4
上级
20a599e2
dff9f883
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
78 addition
and
3 deletion
+78
-3
Documentation/RelNotes/1.8.1.4.txt
Documentation/RelNotes/1.8.1.4.txt
+11
-0
Documentation/git.txt
Documentation/git.txt
+2
-1
imap-send.c
imap-send.c
+65
-2
未找到文件。
Documentation/RelNotes/1.8.1.4.txt
0 → 100644
浏览文件 @
b3600c36
Git 1.8.1.4 Release Notes
=========================
Fixes since v1.8.1.3
--------------------
* "git imap-send" talking over imaps:// did make sure it received a
valid certificate from the other end, but did not check if the
certificate matched the host it thought it was talking to.
Also contains various documentation fixes.
Documentation/git.txt
浏览文件 @
b3600c36
...
...
@@ -43,9 +43,10 @@ unreleased) version of Git, that is available from 'master'
branch of the `git.git` repository.
Documentation for older releases are available here:
* link:v1.8.1.
3/git.html[documentation for release 1.8.1.3
]
* link:v1.8.1.
4/git.html[documentation for release 1.8.1.4
]
* release notes for
link:RelNotes/1.8.1.4.txt[1.8.1.4],
link:RelNotes/1.8.1.3.txt[1.8.1.3],
link:RelNotes/1.8.1.2.txt[1.8.1.2],
link:RelNotes/1.8.1.1.txt[1.8.1.1],
...
...
imap-send.c
浏览文件 @
b3600c36
...
...
@@ -31,6 +31,7 @@ typedef void *SSL;
#else
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/x509v3.h>
#endif
static
const
char
imap_send_usage
[]
=
"git imap-send < <mbox>"
;
...
...
@@ -200,12 +201,64 @@ static void socket_perror(const char *func, struct imap_socket *sock, int ret)
}
}
#ifdef NO_OPENSSL
static
int
ssl_socket_connect
(
struct
imap_socket
*
sock
,
int
use_tls_only
,
int
verify
)
{
#ifdef NO_OPENSSL
fprintf
(
stderr
,
"SSL requested but SSL support not compiled in
\n
"
);
return
-
1
;
}
#else
static
int
host_matches
(
const
char
*
host
,
const
char
*
pattern
)
{
if
(
pattern
[
0
]
==
'*'
&&
pattern
[
1
]
==
'.'
)
{
pattern
+=
2
;
if
(
!
(
host
=
strchr
(
host
,
'.'
)))
return
0
;
host
++
;
}
return
*
host
&&
*
pattern
&&
!
strcasecmp
(
host
,
pattern
);
}
static
int
verify_hostname
(
X509
*
cert
,
const
char
*
hostname
)
{
int
len
;
X509_NAME
*
subj
;
char
cname
[
1000
];
int
i
,
found
;
STACK_OF
(
GENERAL_NAME
)
*
subj_alt_names
;
/* try the DNS subjectAltNames */
found
=
0
;
if
((
subj_alt_names
=
X509_get_ext_d2i
(
cert
,
NID_subject_alt_name
,
NULL
,
NULL
)))
{
int
num_subj_alt_names
=
sk_GENERAL_NAME_num
(
subj_alt_names
);
for
(
i
=
0
;
!
found
&&
i
<
num_subj_alt_names
;
i
++
)
{
GENERAL_NAME
*
subj_alt_name
=
sk_GENERAL_NAME_value
(
subj_alt_names
,
i
);
if
(
subj_alt_name
->
type
==
GEN_DNS
&&
strlen
((
const
char
*
)
subj_alt_name
->
d
.
ia5
->
data
)
==
(
size_t
)
subj_alt_name
->
d
.
ia5
->
length
&&
host_matches
(
hostname
,
(
const
char
*
)(
subj_alt_name
->
d
.
ia5
->
data
)))
found
=
1
;
}
sk_GENERAL_NAME_pop_free
(
subj_alt_names
,
GENERAL_NAME_free
);
}
if
(
found
)
return
0
;
/* try the common name */
if
(
!
(
subj
=
X509_get_subject_name
(
cert
)))
return
error
(
"cannot get certificate subject"
);
if
((
len
=
X509_NAME_get_text_by_NID
(
subj
,
NID_commonName
,
cname
,
sizeof
(
cname
)))
<
0
)
return
error
(
"cannot get certificate common name"
);
if
(
strlen
(
cname
)
==
(
size_t
)
len
&&
host_matches
(
hostname
,
cname
))
return
0
;
return
error
(
"certificate owner '%s' does not match hostname '%s'"
,
cname
,
hostname
);
}
static
int
ssl_socket_connect
(
struct
imap_socket
*
sock
,
int
use_tls_only
,
int
verify
)
{
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
const
SSL_METHOD
*
meth
;
#else
...
...
@@ -213,6 +266,7 @@ static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int ve
#endif
SSL_CTX
*
ctx
;
int
ret
;
X509
*
cert
;
SSL_library_init
();
SSL_load_error_strings
();
...
...
@@ -256,9 +310,18 @@ static int ssl_socket_connect(struct imap_socket *sock, int use_tls_only, int ve
return
-
1
;
}
if
(
verify
)
{
/* make sure the hostname matches that of the certificate */
cert
=
SSL_get_peer_certificate
(
sock
->
ssl
);
if
(
!
cert
)
return
error
(
"unable to get peer certificate."
);
if
(
verify_hostname
(
cert
,
server
.
host
)
<
0
)
return
-
1
;
}
return
0
;
#endif
}
#endif
static
int
socket_read
(
struct
imap_socket
*
sock
,
char
*
buf
,
int
len
)
{
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录